alt Hacker NewsI really have never heard of on prem 365 deployments, I think any confidentiality is handled via contracted promises with legal ramifications for breaking. With Azure GovCloud for instance there’s no encryption / user key custody on the one drive side, everything you do is uploaded to Microsoft and they maintain keys, they just hire people who passed a background check to run the infrastructure, US nationals only etc
There is on prem office.
Government and 365 is weird.
Non-military entities use “Government Community Cloud”, which is an environment where data is stored in segmented areas of Microsoft data centers, but everything else is on commercial infrastructure.
You absolutely can host keys as a customer.
The Microsoft approach to all of this stuff is insane.